From owner-freebsd-bugs  Wed May 17 11:40:01 1995
Return-Path: bugs-owner
Received: (from majordom@localhost)
          by freefall.cdrom.com (8.6.10/8.6.6) id LAA11133
          for bugs-outgoing; Wed, 17 May 1995 11:40:01 -0700
Received: (from gnats@localhost)
          by freefall.cdrom.com (8.6.10/8.6.6) id LAA11126
          ; Wed, 17 May 1995 11:40:01 -0700
Date: Wed, 17 May 1995 11:40:01 -0700
Message-Id: <199505171840.LAA11126@freefall.cdrom.com>
From: Bill Fenner <fenner@parc.xerox.com>
Reply-To: Bill Fenner <fenner@parc.xerox.com>
To: freebsd-bugs
Subject: kern/429: de driver BPF/Multicast logic broken
In-Reply-To: Your message of Wed, 17 May 1995 11:26:38 PDT
	<199505171826.LAA01469@baobab.parc.xerox.com>
Sender: bugs-owner@FreeBSD.org
Precedence: bulk


>Number:         429
>Category:       kern
>Synopsis:       de driver BPF/Multicast logic is broken
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs (FreeBSD bugs mailing list)
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed May 17 11:40:00 1995
>Originator:     Bill Fenner
>Organization:
Xerox PARC
>Release:        FreeBSD 2.1.0-Development i386
>Environment:

	
	FreeBSD-2.0 SNAP-950412, although I checked -current as of
	5/16/95 and it was not fixed.  I assume that -current is
	the 2.0.5 tentative release.

	i386/config/FENESTRO has:

	device de0
	pseudo-device bpfilter16


>Description:

	
	if_de.c's BPF/multicast logic is broken.  It goes something like:

#if BPF is configured
        if there is a BPF listener
                send the packet to BPF
                If it was a packet I normally wouldn't get, then just drop it
        else if there is no BPF listener
                If this packet is not for me and not broadcast,
                just drop it (i.e. if it is multicast, drop it!)
#endif

	This means that if BPF is configured, but there are no BPF listeners,
	you don't get any multicast.

>How-To-Repeat:

	
	On a machine on the MBONE with a de card and bpfilter in the kernel,
	run "vat" and notice that you get no names showing up in the name
	window.  Leave the "vat" running and start a "tcpdump", and notice
	the name window fill up.  Kill the "tcpdump" and watch all the names
	gray out.
	

>Fix:
	
	
The reason for the checks is because BPF might decide to put the interface
in promiscuous mode.  Therefore,
a) if there are no BPF listeners, there is no need to do this checking
b) can optimize out the ethernet address comparisons by checking IFF_PROMISC

I have been running this fix for two weeks and haven't had any problems,
running multicast apps and tcpdump at the same or different times.

*** if_de.c.orig	Wed May  3 08:36:36 1995
--- if_de.c	Wed May  3 08:37:47 1995
***************
*** 567,577 ****
  #if NBPFILTER > 0
  	    if (sc->tulip_bpf != NULL) {
  		bpf_tap(sc->tulip_bpf, mtod(m, caddr_t), total_len);
! 		if ((eh.ether_dhost[0] & 1) == 0 &&
  		    !TULIP_ADDREQUAL(eh.ether_dhost, sc->tulip_ac.ac_enaddr))
- 		    goto next;
- 	    } else if (!TULIP_ADDREQUAL(eh.ether_dhost, sc->tulip_ac.ac_enaddr)
- 		    && !TULIP_ADDRBRDCST(eh.ether_dhost)) {
  		    goto next;
  	    }
  #endif
--- 567,575 ----
  #if NBPFILTER > 0
  	    if (sc->tulip_bpf != NULL) {
  		bpf_tap(sc->tulip_bpf, mtod(m, caddr_t), total_len);
! 		if (sc->tulip_if.if_flags & IFF_PROMISC &&
! 		    (eh.ether_dhost[0] & 1) == 0 &&
  		    !TULIP_ADDREQUAL(eh.ether_dhost, sc->tulip_ac.ac_enaddr))
  		    goto next;
  	    }
  #endif

>Audit-Trail:
>Unformatted: